Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2024-0581
Vulnerability from csaf_certbund
Published
2024-03-07 23:00
Modified
2024-03-07 23:00
Summary
Apple iOS und Apple iPadOS: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.
Das Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um vertrauliche Informationen offenzulegen, einen Phishing-Angriff durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen.
Betroffene Betriebssysteme
- iPhoneOS
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem für das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem für das von Apple entwickelte iPad.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS und Apple iPadOS ausnutzen, um vertrauliche Informationen offenzulegen, einen Phishing-Angriff durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen.", title: "Angriff", }, { category: "general", text: "- iPhoneOS", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0581 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0581.json", }, { category: "self", summary: "WID-SEC-2024-0581 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0581", }, { category: "external", summary: "Apple Security Update vom 2024-03-07", url: "https://support.apple.com/en-us/HT214081", }, ], source_lang: "en-US", title: "Apple iOS und Apple iPadOS: Mehrere Schwachstellen", tracking: { current_release_date: "2024-03-07T23:00:00.000+00:00", generator: { date: "2024-08-15T18:06:14.457+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0581", initial_release_date: "2024-03-07T23:00:00.000+00:00", revision_history: [ { date: "2024-03-07T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "< 17.4", product: { name: "Apple iOS < 17.4", product_id: "T033302", }, }, { category: "product_version_range", name: "< 16.7.6", product: { name: "Apple iOS < 16.7.6", product_id: "T033304", }, }, ], category: "product_name", name: "iOS", }, { branches: [ { category: "product_version_range", name: "< 17.4", product: { name: "Apple iPadOS < 17.4", product_id: "T033303", }, }, { category: "product_version_range", name: "< 16.7.6", product: { name: "Apple iPadOS < 16.7.6", product_id: "T033305", }, }, ], category: "product_name", name: "iPadOS", }, ], category: "vendor", name: "Apple", }, ], }, vulnerabilities: [ { cve: "CVE-2024-23297", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23297", }, { cve: "CVE-2024-23293", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23293", }, { cve: "CVE-2024-23292", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23292", }, { cve: "CVE-2024-23291", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23291", }, { cve: "CVE-2024-23290", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23290", }, { cve: "CVE-2024-23289", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23289", }, { cve: "CVE-2024-23288", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23288", }, { cve: "CVE-2024-23287", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23287", }, { cve: "CVE-2024-23286", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23286", }, { cve: "CVE-2024-23284", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23284", }, { cve: "CVE-2024-23283", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23283", }, { cve: "CVE-2024-23280", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23280", }, { cve: "CVE-2024-23278", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23278", }, { cve: "CVE-2024-23277", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23277", }, { cve: "CVE-2024-23273", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23273", }, { cve: "CVE-2024-23270", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23270", }, { cve: "CVE-2024-23265", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23265", }, { cve: "CVE-2024-23264", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23264", }, { cve: "CVE-2024-23263", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23263", }, { cve: "CVE-2024-23262", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23262", }, { cve: "CVE-2024-23259", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23259", }, { cve: "CVE-2024-23257", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23257", }, { cve: "CVE-2024-23255", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23255", }, { cve: "CVE-2024-23254", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23254", }, { cve: "CVE-2024-23252", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23252", }, { cve: "CVE-2024-23250", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23250", }, { cve: "CVE-2024-23246", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23246", }, { cve: "CVE-2024-23242", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23242", }, { cve: "CVE-2024-23241", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23241", }, { cve: "CVE-2024-23240", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23240", }, { cve: "CVE-2024-23239", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23239", }, { cve: "CVE-2024-23235", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23235", }, { cve: "CVE-2024-23231", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23231", }, { cve: "CVE-2024-23226", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23226", }, { cve: "CVE-2024-23220", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23220", }, { cve: "CVE-2024-23218", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23218", }, { cve: "CVE-2024-23205", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23205", }, { cve: "CVE-2024-23204", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23204", }, { cve: "CVE-2024-23203", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-23203", }, { cve: "CVE-2024-0258", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2024-0258", }, { cve: "CVE-2023-28826", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2023-28826", }, { cve: "CVE-2022-48554", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Apple iOS und Apple iPadOS. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Accessibility, Bluetooth oder dem Kernel, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie unzulässige Zugriffsbeschränkungen, unzulässige Speicherbehandlung oder unzulässige Validierung von Benutzereingaben. Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen, Phishing-Angriffe durchzuführen, seine Privilegien zu erweitern, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand zu verursachen oder beliebigen Code auszuführen. Zur Ausnutzung einger dieser Schwachstellen ist eine Benutzeraktion, wie z.B. die Nutzung einer bösartigen App erforderlich.", }, ], release_date: "2024-03-07T23:00:00.000+00:00", title: "CVE-2022-48554", }, ], }
cve-2024-23246
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "safari", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "webkitgtk", vendor: "webkitgtk", versions: [ { lessThan: "2.45.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23246", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-18T04:00:44.136279Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T14:04:44.881Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:25.668Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23246", datePublished: "2024-03-08T01:35:32.589Z", dateReserved: "2024-01-12T22:22:21.483Z", dateUpdated: "2025-02-13T17:34:14.202Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23280
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.150Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "safari", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23280", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-28T20:33:30.944280Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T16:45:41.969Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.", }, ], problemTypes: [ { descriptions: [ { description: "A maliciously crafted webpage may be able to fingerprint the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:16.536Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23280", datePublished: "2024-03-08T01:36:14.625Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:26.737Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23235
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23235", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-11T16:21:14.723503Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T18:12:37.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.970Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:00.781Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23235", datePublished: "2024-03-08T01:36:04.430Z", dateReserved: "2024-01-12T22:22:21.480Z", dateUpdated: "2025-02-13T17:34:08.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23250
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 15:21
Severity ?
EPSS score ?
Summary
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23250", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T18:12:05.442356Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T15:21:44.164Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.324Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access Bluetooth-connected microphones without user permission", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:02.423Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23250", datePublished: "2024-03-08T01:35:33.516Z", dateReserved: "2024-01-12T22:22:21.486Z", dateUpdated: "2025-03-27T15:21:44.164Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23204
Vulnerability from cvelistv5
Published
2024-01-23 00:25
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214059", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214060", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214061", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/39", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.", }, ], problemTypes: [ { descriptions: [ { description: "A shortcut may be able to use sensitive data with certain actions without prompting the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:08:40.834Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214059", }, { url: "https://support.apple.com/en-us/HT214060", }, { url: "https://support.apple.com/en-us/HT214061", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/39", }, { url: "https://support.apple.com/kb/HT214082", }, { url: "https://support.apple.com/kb/HT214083", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23204", datePublished: "2024-01-23T00:25:30.276Z", dateReserved: "2024-01-12T22:22:21.475Z", dateUpdated: "2025-02-13T17:33:50.468Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23254
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23254", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:22:13.972787Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-04T17:21:36.617Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.080Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious website may exfiltrate audio data cross-origin", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:08.214Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23254", datePublished: "2024-03-08T01:36:07.243Z", dateReserved: "2024-01-12T22:22:21.487Z", dateUpdated: "2025-02-13T17:34:18.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23291
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.214Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23291", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-05T16:27:23.080978Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T16:30:08.296Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious app may be able to observe user data in log entries related to accessibility notifications", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:47.318Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23291", datePublished: "2024-03-08T01:35:50.295Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-02-13T17:39:33.744Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23297
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. A malicious application may be able to access private information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23297", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-14T17:50:33.525824Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-27T13:33:12.651Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.163Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. A malicious application may be able to access private information.", }, ], problemTypes: [ { descriptions: [ { description: "A malicious application may be able to access private information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:06:12.258Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23297", datePublished: "2024-03-08T01:36:12.770Z", dateReserved: "2024-01-12T22:22:21.502Z", dateUpdated: "2025-02-13T17:39:37.278Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23231
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.073Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23231", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T18:40:42.656077Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-31T17:27:36.348Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:57.256Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23231", datePublished: "2024-03-08T01:35:38.235Z", dateReserved: "2024-01-12T22:22:21.479Z", dateUpdated: "2025-02-13T17:34:05.704Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23241
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23241", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T15:42:05.900296Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-18T21:02:43.242Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.061Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to leak sensitive user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:14.333Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23241", datePublished: "2024-03-08T01:35:26.031Z", dateReserved: "2024-01-12T22:22:21.482Z", dateUpdated: "2025-02-13T17:34:10.709Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23273
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.140Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23273", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-27T19:31:28.016236Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-30T19:43:36.912Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.", }, ], problemTypes: [ { descriptions: [ { description: "Private Browsing tabs may be accessed without authentication", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:08.842Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23273", datePublished: "2024-03-08T01:35:54.940Z", dateReserved: "2024-01-12T22:22:21.498Z", dateUpdated: "2025-02-13T17:39:22.331Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23288
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-20 21:22
Severity ?
EPSS score ?
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to elevate privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.152Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23288", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-28T15:45:10.369323Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266 Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T21:22:17.525Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to elevate privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to elevate privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:23.848Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23288", datePublished: "2024-03-08T01:35:40.080Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-03-20T21:22:17.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23283
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23283", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T14:08:53.623193Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-27T13:37:58.207Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.167Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:20.502Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23283", datePublished: "2024-03-08T01:35:21.358Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:28.636Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-0258
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-03-17 15:10
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T17:41:16.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-0258", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-11T04:01:22.658760Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T15:10:31.385Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:22.766Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-0258", datePublished: "2024-03-08T01:36:10.920Z", dateReserved: "2024-01-05T23:15:07.340Z", dateUpdated: "2025-03-17T15:10:31.385Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23270
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 20:04
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.166Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*", "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7.4", status: "affected", version: "0", versionType: "custom", }, { lessThan: "13.6.5", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23270", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-30T04:00:59.418738Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T20:04:13.760Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to execute arbitrary code with kernel privileges", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:50.500Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23270", datePublished: "2024-03-08T01:35:35.392Z", dateReserved: "2024-01-12T22:22:21.492Z", dateUpdated: "2025-03-27T20:04:13.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23287
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-13 21:34
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23287", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T18:13:20.505379Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-377", description: "CWE-377 Insecure Temporary File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T21:34:35.535Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.143Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:26.025Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23287", datePublished: "2024-03-08T01:35:49.346Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-03-13T21:34:35.535Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28826
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-28 19:26
Severity ?
EPSS score ?
Summary
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-28826", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:46:00.540088Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T19:26:04.805Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T13:51:38.763Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT213984", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213984", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:08:02.664Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT213984", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/kb/HT213984", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2023-28826", datePublished: "2024-03-08T01:35:28.817Z", dateReserved: "2023-09-14T19:03:36.082Z", dateUpdated: "2025-03-28T19:26:04.805Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23257
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 21:15
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23257", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:33:52.302723Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T21:15:19.444Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.110Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may result in disclosure of process memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:51.146Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23257", datePublished: "2024-03-08T01:35:24.108Z", dateReserved: "2024-01-12T22:22:21.488Z", dateUpdated: "2025-03-27T21:15:19.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23278
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "13.6", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "0", versionType: "custom", }, { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "0", versionType: "custom", }, { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23278", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T15:00:35.806636Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T19:24:11.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.157Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to break out of its sandbox", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:33.383Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23278", datePublished: "2024-03-08T01:36:11.839Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-02-13T17:39:25.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23226
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-17 20:34
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.102Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23226", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-29T04:00:23.524335Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T20:34:57.389Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:43.374Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23226", datePublished: "2024-03-08T01:35:41.905Z", dateReserved: "2024-01-12T22:22:21.478Z", dateUpdated: "2025-03-17T20:34:57.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23240
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2024-11-22 19:06
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 2.4, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23240", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T15:42:18.084721Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-22T19:06:28.817Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.061Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.", }, ], problemTypes: [ { descriptions: [ { description: "Shake-to-undo may allow a deleted photo to be re-surfaced without authentication", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-08T01:35:22.282Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23240", datePublished: "2024-03-08T01:35:22.282Z", dateReserved: "2024-01-12T22:22:21.481Z", dateUpdated: "2024-11-22T19:06:28.817Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23239
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-03-13 21:07
Severity ?
EPSS score ?
Summary
A race condition was addressed with improved state handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to leak sensitive user information.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23239", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-13T21:01:31.786931Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T21:07:32.221Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.102Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition was addressed with improved state handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to leak sensitive user information.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to leak sensitive user information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:04.045Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23239", datePublished: "2024-03-08T01:36:09.093Z", dateReserved: "2024-01-12T22:22:21.480Z", dateUpdated: "2025-03-13T21:07:32.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23284
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-28 20:45
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.132Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23284", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T04:00:29.525435Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-693", description: "CWE-693 Protection Mechanism Failure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T20:45:42.133Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may prevent Content Security Policy from being enforced", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:10.355Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23284", datePublished: "2024-03-08T01:35:43.782Z", dateReserved: "2024-01-12T22:22:21.499Z", dateUpdated: "2025-03-28T20:45:42.133Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23218
Vulnerability from cvelistv5
Published
2024-01-23 00:25
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214059", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214055", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214060", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214061", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/39", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/40", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-23218", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-23T16:07:56.317583Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-29T14:26:33.596Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:07:46.341Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214059", }, { url: "https://support.apple.com/en-us/HT214055", }, { url: "https://support.apple.com/en-us/HT214060", }, { url: "https://support.apple.com/en-us/HT214061", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/39", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/40", }, { url: "https://support.apple.com/kb/HT214082", }, { url: "https://support.apple.com/kb/HT214083", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23218", datePublished: "2024-01-23T00:25:38.999Z", dateReserved: "2024-01-12T22:22:21.477Z", dateUpdated: "2025-02-13T17:33:58.730Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23293
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23293", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T14:00:43.055654Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-22T15:21:29.502Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.180Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker with physical access may be able to use Siri to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:08:00.602Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23293", datePublished: "2024-03-08T01:35:30.712Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-02-13T17:39:34.941Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23290
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.
References
Impacted products
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23290", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:23:18.674222Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-04T17:27:59.768Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.155Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access user-sensitive data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:31.463Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23290", datePublished: "2024-03-08T01:35:58.743Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-02-13T17:39:33.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23259
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-03-28 23:19
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23259", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T16:11:48.549633Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-28T23:19:58.776Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.176Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "Processing web content may lead to a denial-of-service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:42.285Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23259", datePublished: "2024-03-08T01:36:21.185Z", dateReserved: "2024-01-12T22:22:21.488Z", dateUpdated: "2025-03-28T23:19:58.776Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23205
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.837Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23205", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T20:03:02.768427Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-922", description: "CWE-922 Insecure Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-20T15:41:30.858Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access sensitive user data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:21.048Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23205", datePublished: "2024-03-08T01:35:46.579Z", dateReserved: "2024-01-12T22:22:21.476Z", dateUpdated: "2025-02-13T17:33:51.048Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23220
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23220", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T15:42:30.438091Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-18T20:15:45.841Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.018Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to fingerprint the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:09:46.405Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23220", datePublished: "2024-03-08T01:35:29.755Z", dateReserved: "2024-01-12T22:22:21.477Z", dateUpdated: "2025-02-13T17:33:59.968Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23242
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23242", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:21:43.014765Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-04T21:22:04.085Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.157Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to view Mail data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:58.984Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23242", datePublished: "2024-03-08T01:36:08.176Z", dateReserved: "2024-01-12T22:22:21.482Z", dateUpdated: "2025-02-13T17:34:11.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23263
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "16.7.6", status: "affected", version: "16.7", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "14.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "webkitgtk", vendor: "webkitgtk", versions: [ { lessThan: "2.45.2", status: "affected", version: "0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "safari", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23263", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-18T04:00:44.910447Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T14:06:07.414Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.071Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214089", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Safari", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.", }, ], problemTypes: [ { descriptions: [ { description: "Processing maliciously crafted web content may prevent Content Security Policy from being enforced", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-07T06:06:05.876Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214089", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/20", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/26/1", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23263", datePublished: "2024-03-08T01:36:19.295Z", dateReserved: "2024-01-12T22:22:21.490Z", dateUpdated: "2025-02-13T17:39:16.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23286
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "iphone_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "16.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7", status: "affected", version: "12.0", versionType: "custom", }, { lessThan: "13.6", status: "affected", version: "13.0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "14.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "17.0", versionType: "custom", }, { lessThan: "16.7", status: "affected", version: "16.0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23286", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-11T04:01:01.218461Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-30T15:25:19.865Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Processing an image may lead to arbitrary code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:10.565Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23286", datePublished: "2024-03-08T01:36:00.661Z", dateReserved: "2024-01-12T22:22:21.500Z", dateUpdated: "2025-02-13T17:39:30.696Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23265
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "tvos", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:visionos:1.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "visionos", vendor: "apple", versions: [ { lessThan: "1.1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "12.7", status: "affected", version: "0", versionType: "custom", }, { lessThan: "13.6", status: "affected", version: "0", versionType: "custom", }, { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:watchos:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "watchos", vendor: "apple", versions: [ { lessThan: "10.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipad_os", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23265", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T15:03:28.697942Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-31T18:06:57.257Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.131Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to cause unexpected system termination or write kernel memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:43.897Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23265", datePublished: "2024-03-08T01:35:55.871Z", dateReserved: "2024-01-12T22:22:21.490Z", dateUpdated: "2025-02-13T17:39:17.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23277
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-13 17:06
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23277", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T14:20:08.272349Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T17:06:27.891Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.127Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.", }, ], problemTypes: [ { descriptions: [ { description: "An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:02.470Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23277", datePublished: "2024-03-08T01:35:27.903Z", dateReserved: "2024-01-12T22:22:21.498Z", dateUpdated: "2025-03-13T17:06:27.891Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23292
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-03-27 20:22
Severity ?
EPSS score ?
Summary
This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23292", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-08T15:32:21.572694Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T20:22:36.525Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.159Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to access information about a user's contacts", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:28.460Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23292", datePublished: "2024-03-08T01:35:44.713Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-03-27T20:22:36.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-48554
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-03 15:17
Severity ?
EPSS score ?
Summary
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:17:55.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugs.astron.com/view.php?id=310", }, { name: "DSA-5489", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5489", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231116-0002/", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214088", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214086", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "20240313 APPLE-SA-03-07-2024-6 tvOS 17.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { name: "20240313 APPLE-SA-03-07-2024-5 watchOS 10.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:07:17.737915", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugs.astron.com/view.php?id=310", }, { name: "DSA-5489", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5489", }, { url: "https://security.netapp.com/advisory/ntap-20231116-0002/", }, { url: "https://support.apple.com/kb/HT214081", }, { url: "https://support.apple.com/kb/HT214088", }, { url: "https://support.apple.com/kb/HT214084", }, { url: "https://support.apple.com/kb/HT214086", }, { name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { name: "20240313 APPLE-SA-03-07-2024-6 tvOS 17.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { name: "20240313 APPLE-SA-03-07-2024-5 watchOS 10.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-48554", datePublished: "2023-08-22T00:00:00", dateReserved: "2023-07-23T00:00:00", dateUpdated: "2024-08-03T15:17:55.372Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23289
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23289", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T14:58:26.390845Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-06T15:31:14.739Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214088", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "watchOS", vendor: "Apple", versions: [ { lessThan: "10.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.", }, ], problemTypes: [ { descriptions: [ { description: "A person with physical access to a device may be able to use Siri to access private calendar information", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:07:24.406Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "https://support.apple.com/en-us/HT214088", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/24", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23289", datePublished: "2024-03-08T01:35:36.328Z", dateReserved: "2024-01-12T22:22:21.501Z", dateUpdated: "2025-02-13T17:39:32.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23264
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23264", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T15:41:26.141786Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-21T19:24:54.827Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.171Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214086", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214083", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214085", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "tvOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "12.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "13.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.", }, ], problemTypes: [ { descriptions: [ { description: "An application may be able to read restricted memory", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:47.181Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214086", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214083", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "https://support.apple.com/en-us/HT214085", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/25", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/23", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23264", datePublished: "2024-03-08T01:35:53.088Z", dateReserved: "2024-01-12T22:22:21.490Z", dateUpdated: "2025-02-13T17:39:16.817Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23203
Vulnerability from cvelistv5
Published
2024-01-23 00:25
Modified
2025-02-13 17:33
Severity ?
EPSS score ?
Summary
The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.3 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:31.889Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214059", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214061", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214082", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT214085", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.", }, ], problemTypes: [ { descriptions: [ { description: "A shortcut may be able to use sensitive data with certain actions without prompting the user", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:08:00.896Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214059", }, { url: "https://support.apple.com/en-us/HT214061", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/33", }, { url: "http://seclists.org/fulldisclosure/2024/Jan/36", }, { url: "https://support.apple.com/kb/HT214082", }, { url: "https://support.apple.com/kb/HT214085", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/22", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23203", datePublished: "2024-01-23T00:25:33.071Z", dateReserved: "2024-01-12T22:22:21.475Z", dateUpdated: "2025-02-13T17:33:49.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23262
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to spoof system notifications and UI.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.059Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214087", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214082", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23262", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-05T20:00:59.948255Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-21T15:00:22.888Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "visionOS", vendor: "Apple", versions: [ { lessThan: "1.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "16.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to spoof system notifications and UI.", }, ], problemTypes: [ { descriptions: [ { description: "An app may be able to spoof system notifications and UI", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T22:09:38.102Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214087", }, { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214082", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/26", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23262", datePublished: "2024-03-08T01:36:05.366Z", dateReserved: "2024-01-12T22:22:21.489Z", dateUpdated: "2025-02-13T17:39:15.618Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23255
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2025-02-13 17:34
Severity ?
EPSS score ?
Summary
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T22:59:32.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214081", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/en-us/HT214084", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "macos", vendor: "apple", versions: [ { lessThan: "14.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ios", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ipados", vendor: "apple", versions: [ { lessThan: "17.4", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-23255", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-05T14:47:13.410010Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-05T14:47:23.273Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "iOS and iPadOS", vendor: "Apple", versions: [ { lessThan: "17.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "macOS", vendor: "Apple", versions: [ { lessThan: "14.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication.", }, ], problemTypes: [ { descriptions: [ { description: "Photos in the Hidden Photos Album may be viewed without authentication", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-13T21:06:41.681Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, references: [ { url: "https://support.apple.com/en-us/HT214081", }, { url: "https://support.apple.com/en-us/HT214084", }, { url: "http://seclists.org/fulldisclosure/2024/Mar/21", }, ], }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23255", datePublished: "2024-03-08T01:36:16.498Z", dateReserved: "2024-01-12T22:22:21.487Z", dateUpdated: "2025-02-13T17:34:19.515Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23252
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{ containers: { cna: { providerMetadata: { dateUpdated: "2024-03-26T18:41:15.985Z", orgId: "286789f9-fbc2-4510-9f9a-43facdede74c", shortName: "apple", }, rejectedReasons: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", }, ], value: "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.", }, ], x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c", assignerShortName: "apple", cveId: "CVE-2024-23252", datePublished: "2024-03-08T01:35:45.663Z", dateRejected: "2024-03-26T18:41:15.985Z", dateReserved: "2024-01-12T22:22:21.486Z", dateUpdated: "2024-03-26T18:41:15.985Z", state: "REJECTED", }, dataType: "CVE_RECORD", dataVersion: "5.0", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.